password reset via encrypted token by email

core/views/user_registration.py

@@ -23,7 +23,23 @@ todo = """
 - login automatically, and redirect to control panel ?
 """
 
-
+def reset_done(request):
+    """This page is called when a password reset has successively occured
+    Unfortunately by this point, we do not know the name of the user who initiated the
+    password reset, so when we do the git commit of the encrypted users file
+    we do not have a name to put to the responsible person. To do that,
+    we would have to intercept at the previous step, the url:
+    "reset/<uidb64>/<token>/",
+        views.PasswordResetConfirmView.as_view(),
+    and this class-based view is a lot more complicated to replace or sub-class.
+    
+    Currently we are doing the git commit anonymously.. though I guess we could attempt to
+    read the cookie... if it is set. 
+    """
+    current_user = request.user
+    save_users(request, current_user)
+    return HttpResponseRedirect("/accounts/login/")
+ 
 def register(request, username=None):
     """To register a new user on the troggle system, similar to the "expo" user
     (with cavey:beery password) but specific to an individual
@@ -46,7 +62,7 @@ def register(request, username=None):
                     # return render(request, "login/register.html", {"form": form, "unauthorized": True}) 
             # create User in the system and refresh stored encrypted user list and git commit it:   
             updated_user = register_user(un, email, password=pw, pwhash=None)
-            save_users(request, updated_user, email)
+            save_users(request, updated_user)
             # to do, login automatically, and redirect to control panel ?
             return HttpResponseRedirect("/accounts/login/")
     else:
@@ -63,9 +79,12 @@ def register(request, username=None):
 
     return render(request, "login/register.html", {"form": form, "warning": warning})    
 
-def save_users(request, updated_user, email):
+
+
+def save_users(request, updated_user):
     f = get_encryptor()
     ru = []
+    
     print(f"\n + Saving users, encrypted emails, and password hashes")
     for u in User.objects.all():
         if u.username in ["expo",  "expoadmin"]:
@@ -76,29 +95,32 @@ def save_users(request, updated_user, email):
         original = f.decrypt(e_email).decode()
         print(f" - {u.username} -  {original}")
 
+    if updated_user.is_anonymous:
+        git_string = f"troggle <troggle@exposerver.expo>"
+    else:
+        git_string = f"{updated_user.username} <{email}>"
     encryptedfile = settings.EXPOWEB / ENCRYPTED_DIR / USERS_FILE
     try:
         print(f"- Rewriting the entire encrypted set of registered users to disc ")
-        write_users(ru, encryptedfile, updated_user, email)
+        write_users(ru, encryptedfile, git_string)
     except:
         message = f'! - Users encrypted data saving failed - \n!! Permissions failure ?! on attempting to save file "{encryptedfile}"'
         print(message)
+        raise
         return render(request, "errors/generic.html", {"message": message})
 
-def write_users(registered_users, encryptedfile, updated_user, email):       
+def write_users(registered_users, encryptedfile, git_string):       
     jsondict = { "registered_users": registered_users }
     try:
-        if settings.DEVSERVER:
-            with open(encryptedfile, 'w', encoding='utf-8') as json_f:
-                json.dump(jsondict, json_f, indent=1)
+        with open(encryptedfile, 'w', encoding='utf-8') as json_f:
+            json.dump(jsondict, json_f, indent=1)
     except Exception as e:
          print(f" ! Exception dumping json <{e}>")
          raise
        
     commit_msg = f"Online (re-)registration of a troggle User"
-    editor = f"{updated_user.username} <{email}>"
     try:
-        add_commit(encryptedfile, commit_msg, editor)
+        add_commit(encryptedfile, commit_msg, git_string)
     except Exception as e:
          print(f" ! Exception doing git add/commit <{e}>")
          raise